Foxpro‎ > ‎Linux‎ > ‎

Installing ProFTPd

From: M.W.Chang

Date: November 15, 2003 (6th Revision)

This document describes the compile/install and configuration of a very basic ProFTPD service.


Grab the proftpd-1.2.9.tar.gz (tar-ball) from Proftpd website. I am using Caldera OpenLinux 3.1, so I configured the package with these switches, and use checkinstall-1.5.2 to turn the package into an regular RPM for installation. Note that I included some of the plug-in modules in /contrib directory of proftpd.

# decompress the archive in /usr/src
cd /usr/src
tar xzvf /path/to/proftpd-1.2.9.tar.gz
# configure it
cd proftpd-1.2.9
./configure \
--prefix=/usr \
--sysconfdir=/etc \
# later on, you may want to compile with these modules to deploy
# more advanced features like mysql and openldap support
# mod_sql:mod_sql_mysql:mod_ldap
make -j 3
# you may use checkinstall to install proftpd, which will
# keep a record of all the files installed by `check install`
# and build an rpm
# checkinstall -si make install
make install

NOTE: checkinstall-1.5.2 would require you to enter the path to Caldera's RPM repository in /usr/src/OpenLinux.

If everything goes well, you will find the following files installed:

root@server: html> rpm -qil proftpd
Name        : proftpd                      Vendor: (none)
Version     : 1.2.9                  Distribution: (none)
Release     : 1                        Build Host:
Install Date: 2003-11-02T03:54:58Z     Build Date: 2003-11-02T03:54:45Z
Size        : 968322                   Source RPM: proftpd-1.2.9-1.src.rpm
Group       : Applications/System
Copyright   : GPL
Packager    : checkinstall-1.5.2
Summary     : Package created with checkinstall 1.5.2
Description :
Package created with checkinstall 1.5.2


Next step, you need create the home directories of the default ftp. For my linux server, the home directory of my ftp account in /etc/passwd is /home/ftp. For this sample installation, there would be an additional directory /home/ftpdown for download only:

mkdir /home/ftp; chmod 753 /home/ftp; chown ftp:ftp /home/ftp
mkdir /home/ftpdown;chmod 555 /home/ftpdown; chown nobody:nobody /home/ftpdown


Most linux distribution came with wu-ftpd pre-installed. You have to disable it in inetd (/etc/inetd.conf or /etc/inet.d/ftp) or xinetd (/etc/xinetd.conf), restart inet tcp wrapper daemon. Otherwise it will be holding the ftp port (default: 20-21) foreever. Certain packages like portsentry will also bind itself to any un-used priviledge ports. So beware.

You can always know what programs are holding the port 21 (or any port number) by this command:

netstat -anp | grep 21

And then you can find out more about the program. The following shows how to find out more information about the progrma with a name of "ftp":

ps aux | grep ftp


Before we actually invoke /usr/sbin/proftpd, we need to write a configuration file called /etc/proftpd.conf:

  • Our proftpd will be a standalone daemon, which gives us speed and reliability.
  • All users will login as anonymous users. Users who want to upload will login as upload, which in fact is an alias for the same anonymous account.
  • The anonymous account is linked to a real user account ftp in /etc/passwd.
    ftp:x:14:50:FTP User:/home/ftp:/bin/false
  • For security sake, the ftp account will use a shell /bin/false to guarantee no login except for file transfer.
  • The home directory for the ftp account is specified in /etc/passwd as well.
  • To upload, users goes to ftp://111.222.333.444
  • Unlimited number of users can always upload (which you may not want that)
  • All uploads go to /home/ftp, to be owned by ftp:ftp, such that on one can download from it.
  • To allow files to be downloaded, chown nobody:nobody the_file and move them to /home/ftpdown.
  • To download, users goes to ftp://download@111.222.333.444
  • Users can download from /home/ftpdown only.
  • 3 users can download at any time (MaxClients)
  • Each download connection has bandwidth locked at 20000 kb/s (RateReadBPS).
  • Each downloader can connect to your ftp server once only (MaxsClientPerHost).
  • No linux users can login their home directory (well, I would study about it later)

Time to convert all these decign decisions into the proftpd config file /etc/proftpd.conf. You may cut-and-paste the following into the file /etc/proftpd.conf:

# beginning of proftpd.conf
ServerName		"Your FTP Server"
# If you want to use inetd/xinetd, make sure you edit their
# config files to use in.proftpd as daemon name, and change
# ServerType to inetd.
ServerType		standalone
# if not switched on, won't answer calls from unknown destinations
DefaultServer	on

DefaultTransferMode	binary
ServerIdent		off
DefaultRoot		~

# Port 21 is the standard FTP port.
Port			21

# If you do want normal users logging in at all, comment this

# Set the user and group that the server normally runs at.
User			nobody
Group			nogroup

MaxInstances		10

# Set the maximum number of seconds a data connection is allowed
# to "stall" before being aborted.
TimeoutStalled		300

UseFtpUsers		off
RootLogin		off
PersistentPasswd	off

# these speed up the login process but makes log less readable
UseReverseDNS		off
IdentLookup		off

# you can have a separate file from the regular /etc/passwd
#AuthUserFile		/etc/proftpd-passwd

  Umask                         022
  RequireValidShell             off
  AllowForeignAddress           on
  DirFakeGroup                  on      ~
  DirFakeUser                   on      ~
  DirFakeMode                   0440
  HiddenStor			on
# We want 'welcome.msg' displayed at login, and '.message' displayed
# in each newly chdired directory.
DisplayLogin			welcome.msg
DisplayFirstChdir		.message
AccessDenyMsg			"404 Access for %u has been denied.

<Anonymous /home/ftpdown>
  <Limit LOGIN>
# you can use the alias as a password for your downloaders. :)
  UserAlias                     download ftp
# But if you really use a password, you need to encrypt the password 
# and paste the encrypted text below and uncomment the 2 lines below
# AnonRequirePassword           on
# UserPassword                  ftp crypted-text
  RequireValidShell             off
  User                          ftp
  Group                         ftp

# you may not like the bandwidth control below
# TransferRate        RETR|STOR|APPE|STOU KBrate:freebytes
  TransferRate			RETR 20:0
# older version use the following directive instead.
#  RateReadBPS			20000

  MaxClients                    3 "550 Too Many Users (Limit=%m)"
  MaxClientsPerHost             1 "551 One connection per IP"

# allow resume in downloading
  HideNoAccess			on
  AllowRetrieveRestart		on
  <Limit WRITE>

<Anonymous /home/ftp>
  <Limit LOGIN>
  UserAlias                     anonymous ftp
  User                          ftp
  Group                         ftp
  RequireValidShell             off
# allow resume in uploading
  AllowStoreRestart             on
  AllowOverwrite                on
# Reject all files with leading periods or dashes:
  PathDenyFilter "(^|/)[-.]"
# end of proftpd.conf

You will notice that there is a crypted-text above. It's the password for the ftp directory, encrypted by linux. You can use cli-crypt-1.0.tar.gz, which is a package that can be downloaded from basically written for generating password with proftpd. Another simple way is to use a simple perl script (courtesy of http://www.}

perl -e 'print("userPassword: ".crypt("secret","salt")."\n");'

Just run the script, cut and paste the password into the blank above will do.


The following is a script to start/stop proftpd daemon:

# reference:

# ProFTPD files

# If PIDFILE exists, does it point to a proftpd process?

if [ -f $PIDFILE ]; then
   pid=`cat $PIDFILE`

if [ ! -x $FTPD_BIN ]; then
    echo "$0: $FTPD_BIN: cannot execute"
    exit 1

case $1 in

      if [ -n "$pid" ]; then
        echo "$0: proftpd [PID $pid] already running"

      if [ -r $FTPD_CONF ]; then
        echo "Starting proftpd..."
	rm -f /etc/shutmsg
        $FTPD_BIN -c $FTPD_CONF

        echo "$0: cannot start proftpd -- $FTPD_CONF missing"

      if [ -n "$pid" ]; then
        echo "Stopping proftpd..."
        kill -TERM $pid

        echo "$0: proftpd not running"
        exit 1

      if [ -n "$pid" ]; then
        echo "Rehashing proftpd configuration"
        kill -HUP $pid

        echo "$0: proftpd not running"
        exit 1

      echo "usage: $0 {start|stop|restart}"
      exit 1

exit 0


Proftpd generates a log file that's similar to the log file wu-ftpd, ie /var/log/xferlog. That means, you can use the xferstats script in the /usr/src/proftpd-1.2.9/contrib directory of the proftpd source (or the one from wu-ftpd which has bugs) to analyze the log. I put the xferstats script in /usr/sbin. There is a newer version of xferstats. Search for it via using keyword "xferstats" or try . For a graphical presentation, you may use awstats. In her website, he got an article teaching you how to modify the proftpd log format to suit her presentation.

For your convinience, here's my /etc/logrotate.d/ftpd for proftpd's logs (in /var/log):

# beginning of /etc/logrotate.d/ftpd

/var/log/xferlog {
    /usr/bin/killall -HUP syslogd

/var/log/ftp {
  rotate 7
    /usr/bin/killall -HUP syslogd
# end of /etc/logrotate.d/ftpd


Just like wu-ftpd, the command ftpwho will tell you what users are currently connecting to your proftpd. For more detail, you can use ftpwho -v. With verbose mode, the transfer rate of each connection would be shown. And with the release of proftpd-1.2.7 and later, there is a new command called ftptop.

Alternatively, you may use SNMP tools like MRTG. One linux-sxs editor recommneded console tools pppstatus and ethstatus. I have found a tool called ifstat which is really simple.

root@server: init.d> ifstat
       eth0                eth1
 KB/s in  KB/s out   KB/s in  KB/s out
    0.67     16.96      0.00      0.00
    1.25     33.58      0.00      0.00
    0.67     16.81      0.00      0.00

There is also ntop, which is you can view its results via web browser (just like webmin). You can find them in!

Useful References

  • log analysis using awstats:
  • active vs passive ftp:
  • documentation in source code directory: /usr/src/proftpd-1.2.9/doc
  • documenetation for more advanced topics:
  • another mod for proftpd:
  • chinese how-to: